Friday, October 26, 2012

Threat Management is still a relatively new concept; there is no industry-standard definition for it. In fact, the few people who are talking about it right now tend to view it from at least two very different perspectives: one is a product-focused approach to unifying perimeter security tools, the other a practice-focused management paradigm. As it evolves, Threat Management will eventually encompass both of those perspectives and will likely become the single most important element within any given Cyber Security solution.

The reason why it will become so critical is that Threat Management allows us for the first time to build upon a complex conceptual framework with a variety of analytical tools which will automate an ever-growing percentage of Cyber Security tasks. Without this framework it would remain difficult or nearly impossible to manage Cyber Security in a proactive and coordinated manner. For the purposes of this discussion let’s define Threat Management as:

“The conceptual and technical framework dedicated to discovering, defining and managing threats to operational security and mission assurance. Threat Management is software & hardware agnostic and can apply as an integrated IT practice in any functional domain. The goal of Threat Management is not merely to ensure that immediate (local domain) threats are mitigated but that threats are also managed in the context of communities of interdependent or inter-related entities. Threat Management depends upon top-down, bottom-up and lateral participation or guidance to build knowledge frameworks which can then be used to define security policy and solution mitigation.”

So, what is a “Threat” given this construct? A Threat is “any event, vulnerability or behavior (or combination thereof) that either poses a danger to the operational mission or if combined with other events, vulnerabilities or behavior could constitute a threat to the operational mission.”

The first step towards identifying threats is to define what threats actually represent.

In that last sentence we begin to see the systems implications of what we’re talking about. The goals here are two-fold: one, block a threat before it is manifested; two, stop a threat already in motion that wasn’t blocked in time, so that operational capability is preserved. The other key consideration here is that we’re viewing this practice as evolutionary: it learns as it goes and learns from the community which uses it.

Threat Management and Semantic Technology

Much of what we’re describing with Threat Management already occurs in some fashion; however, it is not consistent from one enterprise to another, and in fact much of it is handled using manual processes with little ability to correlate or manage the various aspects of the problem in a unified approach. To unify Threat Management we need a mechanism which allows us to characterize all aspects of Threats and to correlate that characterization with information collected from the full spectrum of security-related software and hardware appliances.

Threat Management as we’re describing it here is wholly dependent on a Semantic Knowledge layer and data exchange architecture. This allows us to:

Provide a knowledge sharing framework for the community of defenders and security experts who analyze existing or predict future threats.

Build policies based upon Threat Activity and Threat Prediction – policies that can also be captured, manifested and distributed using Semantic technology.

Drive dynamic reconfiguration of H/W and S/W infrastructure in response to policy definition and distribution.

While there are Security vendors that have made incredible progress in being able to integrate some of these capabilities in the context of their proprietary tools, this approach ultimately will fail without the Semantic layer for one simple reason: the entire world is never going to standardize on one security tool. However, the Semantic Layer for Threat Management can extend to encompass any infrastructure or combination of security tools.
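To make the vendor-agnostic Semantic layer concrete, here is a small added illustration (not code from the original post or from Semantech): findings from two hypothetical tools with different field names are normalised into shared (subject, predicate, object) triples, and the post’s threat definition is applied as a rule, so that a vulnerability and an event that are harmless alone become a Threat when combined on the same host. Tool names, field names and vulnerability identifiers are constructed placeholders.

```python
"""Toy semantic knowledge layer for Threat Management (added example)."""

# Constructed sample records from two tools, each with its own vocabulary.
SCANNER_FINDINGS = [  # hypothetical vulnerability scanner export
    {"ip": "10.0.0.5", "svc": "smb", "vuln_id": "VULN-EXAMPLE-1", "sev": "high"},
    {"ip": "10.0.0.9", "svc": "http", "vuln_id": "VULN-EXAMPLE-2", "sev": "low"},
]
IDS_ALERTS = [  # hypothetical intrusion detection alerts
    {"dst": "10.0.0.5", "proto": "smb", "sig": "exploit attempt", "count": 3},
    {"dst": "10.0.0.7", "proto": "ssh", "sig": "exploit attempt", "count": 1},
]

def to_triples(scanner, ids):
    """Map each tool's private field names onto one shared predicate set."""
    triples = set()
    for f in scanner:
        host, vuln = f"host:{f['ip']}", f["vuln_id"]
        triples.add((host, "hasVulnerability", vuln))
        triples.add((vuln, "affectsService", f["svc"]))
        triples.add((vuln, "severity", f["sev"]))
    for a in ids:
        host, event = f"host:{a['dst']}", f"{a['sig']}/{a['proto']}"
        triples.add((host, "observedEvent", event))
        triples.add((event, "targetsService", a["proto"]))
    return triples

def derive_threats(triples):
    """Rule from the post's definition: a host is a Threat when an observed
    event targets a service that a known vulnerability on that host affects."""
    vulns, events, affects, targets = {}, {}, {}, {}
    for s, p, o in triples:
        if p == "hasVulnerability":
            vulns.setdefault(s, set()).add(o)
        elif p == "observedEvent":
            events.setdefault(s, set()).add(o)
        elif p == "affectsService":
            affects[s] = o
        elif p == "targetsService":
            targets[s] = o
    return sorted((h, v, e) for h in vulns.keys() & events.keys()
                  for v in vulns[h] for e in events[h]
                  if affects[v] == targets[e])

def build_policy(threats, triples):
    """Policy derived from Threat Activity: isolate hosts whose combined
    threat involves a high-severity vulnerability, otherwise monitor."""
    sev = {s: o for s, p, o in triples if p == "severity"}
    return {h: ("isolate" if sev.get(v) == "high" else "monitor")
            for h, v, _ in threats}
```

Only host 10.0.0.5 qualifies: 10.0.0.9 has a vulnerability but no matching event, and 10.0.0.7 has an event but no known vulnerability on the targeted service.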

Sponsored by Semantech Inc.

About Me

Stephen Lahanas is Vice President and co-founder of Semantech
Incorporated. He has served as a CIO, a Chief Engineer for the US Air
Force and also served as an IT Architect for nearly a dozen other
commercial and Federal projects.

Mr. Lahanas has been an IT thought leader and innovator for nearly 20
years in the fields of E-learning, Semantic Technology, Cyber Security
and Enterprise Architecture.
